Adding Private Key into iOS Keychain

iOS: Adding a Private Key to the devices KeyChain

Official response from Apple on this exact subject was that it was unsupported. The only supported way of getting private keys into the Keychain was through PKCS#12 files.

Adding private key into iOS Keychain

The following code worked for me:

NSMutableDictionary *query = [[NSMutableDictionary alloc] init]; 
[query setObject:(id)kSecClassKey forKey:(id)kSecClass]; 
[query setObject:(id)kSecAttrAccessibleWhenUnlocked forKey:(id)kSecAttrAccessible]; 
[query setObject:[NSNumber numberWithBool:YES] forKey:(id)kSecReturnData];

//adding access key 
[query setObject:(id)key forKey:(id)kSecAttrApplicationTag];

//removing item if it exists 
SecItemDelete((CFDictionaryRef)query);

//setting data (private key) 
[query setObject:(id)data forKey:(id)kSecValueData];

CFTypeRef persistKey; OSStatus status = SecItemAdd((CFDictionaryRef)query, &persistKey);

if(status) {
    NSLog(@"Keychain error occured: %ld (statuscode)", status);
    return NO; 
}

How can I add private key to the distribution certificate?

Yes, the error you are getting means that there is not a private key on your Mac associated with the distribution certificate you are trying to use to sign the app.

There are two possible solutions, depending on whether the computer who requested the distribution certificate is available or not.

If the computer who requested the distribution certificate is available (or there is a backup of the distribution assets somewhere)

  1. From the computer where the distribution asset was generated, open Xcode.
  2. Click on Window, Organizer.
  3. Expand the Teams section.
  4. Select your team, select the certificate of "iOS Distribution" type, click Export and follow the instructions.
  5. Save the exported file and go to your computer.
  6. Repeat steps 1-3.
  7. Click Import and select the file you exported before.

If the computer where the distribution profile was created is not accessible anymore (and there is not a backup)

You have to revoke the certificate and create a new one.

You may need to ask your team admin or agent to give you some privileges in order to generate distribution certificates. Once you have enough privileges, follow these steps (accurate as of 15-May-2013):

  1. Go to this webpage: https://developer.apple.com/devcenter/ios/index.action
  2. Click on "Member Center" and enter your iOS developer credentials.
  3. Click on "Certificates, Identifiers & Profiles".
  4. Click on "Certificates" under the "iOS Apps" section.
  5. Expand the Certificates section on the left, select Distribution, and click on your distribution certificate.
  6. Click Revoke and follow the instructions.
  7. Click on the plus sign to add a new certificate.
  8. Select "App Store and Ad Hoc" option, and click Continue.
  9. Follow the steps printed in the webpage. That involves opening the Keychain application on your Mac and generate a Certificate Signing Request from there. Click Continue.
  10. Upload the .csr file and click Continue.
  11. A certificate is generated for distribution. Download it and double click it to integrate it in your keychain.

Reopen Xcode and check your project configuration to see if you can now select an "iPhone Distribution" certificate (i.e. it's not grayed out).

Import RSA keys to iPhone keychain?

The answer was to call SecItemAdd with the right set of flags. See: http://hg.mozilla.org/services/fx-home/file/tip/Sources/NetworkAndStorage/CryptoUtils.m#l931

How can I use an existing private key to a new iOS development certificate?

First, I had to export my private key from the keychain as a p12 file. I tried scripting this, but was unsuccessful.

  1. Open keychain and select your private key
  2. Right-click and select "Export "
  3. Use a p12 file type.

Run the following openssl command to convert your password-protected p12 file to a pem. openssl will prompt for a password.

openssl pkcs12 -in your-newly-exported-p12-file.p12 -out your-newly-exported-p12-file-as-a-pem.pem -nodes

Run the following command on your pem file to generate the csr.

openssl req -new -key your-newly-exported-p12-file-as-a-pem.pem -out your-csr-to-submit-to-apple.csr

Related Topics

iOS App Submission and Beta Review Process

Launch a Local Notification at a Specific Time in iOS

Nsuserdefaults Unreliable in iOS 8

iOS App Deployment Without Appstore

Create a Button Programmatically and Set a Background Image

Find Where Object Is Retained with Arc

How to Change Label Constraints During Runtime

How to Remove All Navigationbar Back Button Title

Unselected Uitabbar Color

How to Get the Size of a Scaled Uiimage in Uiimageview

How to Create .Ipa File for Testing Using Runner.App

To Convert Image to Cartoon in iOS

Icon Already Includes Gloss Effects

How to Load Custom Cell ( Xib) in Uicollectionview Cell Using Swift

iOS 7.1 Uitableviewcell Content Overlaps with Ones Below

Improper Advertising Identifier [Idfa] Usage

How to Set Multi Line Large Title in Navigation Bar? ( New Feature of iOS 11)

How to Set a Custom View's Intrinsic Content Size in Swift


Leave a reply



Submit